SSL Certificate Installation in Microsoft IIS 4.x

How to install your SSL Certificate to your Windows NT Server

Install the Primary Server Certificate File using Key Manager

  1. Download your Root, Intermediate, and Primary Certificate files.
  2. Go to Key Manager.
  3. Install the new IIS Primary SSL Server certificate (your_domain.crt) by clicking the key in the www directory (usually a broken key icon with a line through it) and selecting "Install Key Certificate".
  4. Enter the Password.
  5. When you are prompted for bindings, add the IP and Port Number. "Any assigned" is acceptable if you do not have any other IIS SSL certificates installed on the web server.

Note: Multiple certificates installed on the same web server will require a separate IP Address for each because SSL does not support host headers.

  6. Go to the Computers menu and select the option "Commit Changes", or close Key Manager and select "Yes" when prompted to commit changes.
  7. The new IIS Primary SSL Server certificate is now successfully installed.
  8. Back up the Key in Key Manager by clicking Key menu -> Export -> Backup File. Store the backup file on the hard drive AND off the server.

Note: Before users' browsers will automatically trust your certificate, you must also install the Intermediate Certificates on your Server.

Install the Intermediate Certificate Files

Once you have installed the Primary Server Certificate, restart the machine running IIS 4. You must now complete one of the following procedures; which one you follow depends on the Service Pack installed on the machine running IIS 4.

Service Pack 3:

  1. Install the Intermediate and Root Certificates in your Internet Explorer by opening each certificate and clicking "Install Certificate".
  2. You may then use this IIS CA batch file to transfer all root certificates from your Internet Explorer to the IIS Certificate store.

Service Pack 4 or later:

  1. Double-click the root certificate (TrustedRoot.crt) to open the installation wizard.
  2. Choose 'Place all certificates in the following store', then click Browse.
  3. Choose 'Show physical stores', then 'Trusted Root Certification Authorities', and finally 'Local Computer'. Click OK, click Next in the wizard, then Finish.
  4. Then follow the same steps for the intermediate certificate (DigiCertCA.crt), but place it in the store for 'Intermediate Certification Authorities' instead.
  5. Restart your server. Restarting IIS alone will not update the SSL Certificate; you must restart the server.
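
Before the files are placed in the stores, the three downloads can be checked against each other, so that the root and the intermediate end up in the right store and the server certificate actually chains to them. The script below is an added example, not part of the original instructions: the function names name_hash and check_chain and the use of OpenSSL on an admin workstation are assumptions, and the file names are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original page: checks the three downloaded
# files against each other before they are installed. File names follow the
# page; OpenSSL on an admin workstation is an assumption.

# name_hash FILE subject|issuer -> prints OpenSSL's hash of that name
name_hash() {
    openssl x509 -in "$1" -noout "-${2}_hash" 2>/dev/null
}

# check_chain ROOT INTERMEDIATE SERVER
#   0  chain is complete
#   1  ROOT is unreadable or not self-issued (wrong file for Trusted Root)
#   2  INTERMEDIATE is unreadable, self-issued, or not issued by ROOT
#   3  SERVER does not verify through INTERMEDIATE up to ROOT
check_chain() {
    root=$1 inter=$2 server=$3

    rs=$(name_hash "$root" subject)  || return 1
    ri=$(name_hash "$root" issuer)   || return 1
    is=$(name_hash "$inter" subject) || return 2
    ii=$(name_hash "$inter" issuer)  || return 2

    # A root certificate names itself as its issuer.
    [ "$rs" = "$ri" ] || return 1

    # The intermediate must name the root as issuer and must not be a root.
    if [ "$ii" != "$rs" ] || [ "$is" = "$ii" ]; then return 2; fi

    # Signature check over the whole path: ROOT is the trust anchor and
    # INTERMEDIATE is offered only as an untrusted helper certificate.
    openssl verify -CAfile "$root" -untrusted "$inter" "$server" \
        >/dev/null 2>&1 || return 3
    return 0
}

# Usage: sh check_chain.sh TrustedRoot.crt DigiCertCA.crt your_domain.crt
if [ "$#" -eq 3 ]; then
    check_chain "$@" && echo "chain OK"
fi
```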